SmartHawk

5.0

中危

58 个模型检测该样本为恶意！

重新分析

下载样本

d56c5f1b66eda443c82bf157d8ff018c256a9e35f770a1c99d997f6d70ded574

e44d151ead4333b8f362233eb3c60323.exe

分析耗时

49s

最近分析

文件大小

628.1KB

静态报毒动态报毒 AGEN AI SCORE=86 AIDETECTVM BANKERX CONFIDENCE ECOI EJJF ELDORADO EMOTET ENCPK GDSDA GENASA GENCIRC GENKRYPTIK GJBO GNBBIO GZWV HIGH CONFIDENCE INJECT3 KRYPT KRYPTIK MALWARE1 MALWARE@#3A7QBYBAAQS6L NRBBA25JVIK NY1@AENAPWKI R + MAL R304684 SCORE TRICKBOT UNSAFE UTLXIIWG6EQ ZEXACO 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Emotet-FPT!E44D151EAD43	20201211	6.0.6.653
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0
Alibaba	Trojan:Win32/TrickBot.a7121762	20190527	0.3.0.5
Avast	Win32:BankerX-gen [Trj]	20201210	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft		20201211	2017.9.26.565
Tencent	Malware.Win32.Gencirc.10b7d851	20201211	1.0.0.1

Queries for the computername (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619970038.446 GetComputerNameW	computer_name: OSKAR-PC	success	1	0
1619970043.134 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619970038.228 GlobalMemoryStatusEx		success	1	0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (9 个事件)

Time & API	Arguments	Status
1619970036.16525 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x01eb0000	success
1619970036.16525 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 184320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x01ec0000	success
1619970036.30625 NtProtectVirtualMemory	process_identifier: 2712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 180224 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x01f71000	success
1619970037.36825 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x04870000	success
1619970037.36825 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x01f50000	success
1619970037.36825 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x10000000	success
1619970037.36825 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x10001000	success
1619970037.36825 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x04890000	success
1619970037.41525 NtAllocateVirtualMemory	process_identifier: 2712 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x048a0000	success

Creates a suspicious process (1 个事件)

cmdline

C:\Windows\system32\svchost.exe

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.875577349893417

section

{'size_of_data': '0x00031000', 'virtual_address': '0x00056000', 'entropy': 7.875577349893417, 'name': '.data', 'virtual_size': '0x00034948'}

description

A section with a high entropy has been found

entropy

0.3141025641025641

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (2 个事件)

host	113.108.239.196
host	172.217.24.14

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

172.217.24.14:443

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Inject3.31962
MicroWorld-eScan	Trojan.Agent.EJJF
FireEye	Generic.mg.e44d151ead4333b8
McAfee	Emotet-FPT!E44D151EAD43
Malwarebytes	Trojan.TrickBot
Zillya	Trojan.Agent.Win32.1220030
SUPERAntiSpyware	Trojan.Agent/Gen-TrickBot
Sangfor	Malware
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Trojan:Win32/TrickBot.a7121762
K7GW	Trojan ( 00521b151 )
K7AntiVirus	Trojan ( 00521b151 )
Arcabit	Trojan.Agent.EJJF
BitDefenderTheta	Gen:NN.ZexaCO.34670.Ny1@aeNapWki
Cyren	W32/Agent.BKY.gen!Eldorado
Symantec	Trojan.Emotet
ESET-NOD32	a variant of Win32/Kryptik.GZWV
APEX	Malicious
Avast	Win32:BankerX-gen [Trj]
ClamAV	Win.Dropper.TrickBot-7473393-0
Kaspersky	HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender	Trojan.Agent.EJJF
NANO-Antivirus	Trojan.Win32.Inject3.gnbbio
Paloalto	generic.ml
ViRobot	Trojan.Win32.Trickbot.643072.B
Rising	Dropper.Agent!8.2F (TFE:5:NrBbA25JViK)
Ad-Aware	Trojan.Agent.EJJF
Emsisoft	Trojan.Agent.EJJF (B)
Comodo	Malware@#3a7qbybaaqs6l
F-Secure	Heuristic.HEUR/AGEN.1111712
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TrojanSpy.Win32.TRICKBOT.SMC
McAfee-GW-Edition	BehavesLike.Win32.Spyware.jh
Sophos	Mal/Generic-R + Mal/EncPk-APB
Ikarus	Trojan.Win32.Krypt
Jiangmin	TrojanDropper.Agent.gjbo
Avira	HEUR/AGEN.1111712
Antiy-AVL	Trojan/Win32.GenKryptik
Gridinsoft	Trojan.Win32.Emotet.dd!n
Microsoft	Trojan:Win32/TrickBot.CZ!MTB
AegisLab	Trojan.Win32.Emotet.L!c
ZoneAlarm	HEUR:Trojan-Banker.Win32.Emotet.gen
GData	Trojan.Agent.EJJF
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Trickbot.R304684
VBA32	TrojanDropper.Agent
ALYac	Trojan.Agent.EJJF
MAX	malware (ai score=86)

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-12-19 13:32:02

Imports

Library VERSION.dll:

• 0x48c0d8 VerQueryValueA

• 0x48c0dc GetFileVersionInfoSizeA

• 0x48c0e0 GetFileVersionInfoA

Library PSAPI.DLL:

• 0x48be08 GetProcessMemoryInfo

Library KERNEL32.dll:

• 0x48bb10 GlobalSize

• 0x48bb14 CopyFileA

• 0x48bb18 RtlUnwind

• 0x48bb1c GetStartupInfoA

• 0x48bb20 GetCommandLineA

• 0x48bb24 ExitProcess

• 0x48bb28 CreateThread

• 0x48bb2c ExitThread

• 0x48bb30 RaiseException

• 0x48bb34 HeapReAlloc

• 0x48bb38 HeapSize

• 0x48bb3c GetACP

• 0x48bb40 GetTimeZoneInformation

• 0x48bb44 GetSystemTime

• 0x48bb48 GetLocalTime

• 0x48bb4c HeapDestroy

• 0x48bb50 HeapCreate

• 0x48bb54 VirtualFree

• 0x48bb58 FatalAppExitA

• 0x48bb5c VirtualAlloc

• 0x48bb60 IsBadWritePtr

• 0x48bb64 UnhandledExceptionFilter

• 0x48bb68 FreeEnvironmentStringsA

• 0x48bb6c FreeEnvironmentStringsW

• 0x48bb70 GetEnvironmentStrings

• 0x48bb74 GetEnvironmentStringsW

• 0x48bb78 SetHandleCount

• 0x48bb7c GetStdHandle

• 0x48bb80 GetFileType

• 0x48bb84 SetUnhandledExceptionFilter

• 0x48bb88 LCMapStringA

• 0x48bb8c LCMapStringW

• 0x48bb90 GetStringTypeA

• 0x48bb94 GetStringTypeW

• 0x48bb98 IsBadReadPtr

• 0x48bb9c IsBadCodePtr

• 0x48bba0 IsValidLocale

• 0x48bba4 IsValidCodePage

• 0x48bba8 GetLocaleInfoA

• 0x48bbac EnumSystemLocalesA

• 0x48bbb0 GetTickCount

• 0x48bbb4 SetConsoleCtrlHandler

• 0x48bbb8 SetStdHandle

• 0x48bbbc GetLocaleInfoW

• 0x48bbc0 CompareStringA

• 0x48bbc4 CompareStringW

• 0x48bbc8 SetEnvironmentVariableA

• 0x48bbcc GetProcAddress

• 0x48bbd0 LoadLibraryW

• 0x48bbd4 Sleep

• 0x48bbd8 TerminateProcess

• 0x48bbdc GetExitCodeProcess

• 0x48bbe0 OpenProcess

• 0x48bbe4 GetVersionExA

• 0x48bbe8 FreeLibrary

• 0x48bbec GetLastError

• 0x48bbf0 CloseHandle

• 0x48bbf4 HeapAlloc

• 0x48bbf8 HeapFree

• 0x48bbfc GetProcessHeap

• 0x48bc00 LoadLibraryA

• 0x48bc04 GetCurrentThreadId

• 0x48bc08 GetCurrentThread

• 0x48bc0c lstrcmpiA

• 0x48bc10 lstrcmpA

• 0x48bc14 GlobalDeleteAtom

• 0x48bc18 GlobalAlloc

• 0x48bc1c GlobalLock

• 0x48bc20 GetModuleFileNameA

• 0x48bc24 WaitForSingleObject

• 0x48bc28 SetEvent

• 0x48bc2c ResumeThread

• 0x48bc30 SetThreadPriority

• 0x48bc34 SuspendThread

• 0x48bc38 CreateEventA

• 0x48bc3c LoadResource

• 0x48bc40 FindResourceA

• 0x48bc44 LockResource

• 0x48bc48 GlobalFree

• 0x48bc4c GlobalUnlock

• 0x48bc50 InterlockedExchange

• 0x48bc54 lstrlenW

• 0x48bc58 FileTimeToLocalFileTime

• 0x48bc5c FileTimeToSystemTime

• 0x48bc60 GetShortPathNameA

• 0x48bc64 GetStringTypeExA

• 0x48bc68 GetFullPathNameA

• 0x48bc6c GetVolumeInformationA

• 0x48bc70 DeleteFileA

• 0x48bc74 MoveFileA

• 0x48bc78 SetEndOfFile

• 0x48bc7c UnlockFile

• 0x48bc80 LockFile

• 0x48bc84 FlushFileBuffers

• 0x48bc88 SetFilePointer

• 0x48bc8c WriteFile

• 0x48bc90 ReadFile

• 0x48bc94 GetCurrentProcess

• 0x48bc98 DuplicateHandle

• 0x48bc9c SetErrorMode

• 0x48bca0 GetOEMCP

• 0x48bca4 GetCPInfo

• 0x48bca8 GetThreadLocale

• 0x48bcac SizeofResource

• 0x48bcb0 GetProfileStringA

• 0x48bcb4 GetProcessVersion

• 0x48bcb8 GetCurrentDirectoryA

• 0x48bcbc WritePrivateProfileStringA

• 0x48bcc0 GetPrivateProfileStringA

• 0x48bcc4 GetPrivateProfileIntA

• 0x48bcc8 GlobalFlags

• 0x48bccc TlsGetValue

• 0x48bcd0 LocalReAlloc

• 0x48bcd4 TlsSetValue

• 0x48bcd8 EnterCriticalSection

• 0x48bcdc GlobalReAlloc

• 0x48bce0 LeaveCriticalSection

• 0x48bce4 TlsFree

• 0x48bce8 GlobalHandle

• 0x48bcec DeleteCriticalSection

• 0x48bcf0 TlsAlloc

• 0x48bcf4 InitializeCriticalSection

• 0x48bcf8 LocalAlloc

• 0x48bcfc SetFileAttributesA

• 0x48bd00 CreateFileA

• 0x48bd04 SetFileTime

• 0x48bd08 SystemTimeToFileTime

• 0x48bd0c LocalFileTimeToFileTime

• 0x48bd10 FindFirstFileA

• 0x48bd14 FindClose

• 0x48bd18 lstrlenA

• 0x48bd1c lstrcpynA

• 0x48bd20 GetFileTime

• 0x48bd24 GetFileSize

• 0x48bd28 GetFileAttributesA

• 0x48bd2c MulDiv

• 0x48bd30 SetLastError

• 0x48bd34 FormatMessageA

• 0x48bd38 LocalFree

• 0x48bd3c MultiByteToWideChar

• 0x48bd40 WideCharToMultiByte

• 0x48bd44 InterlockedDecrement

• 0x48bd48 InterlockedIncrement

• 0x48bd4c GetVersion

• 0x48bd50 lstrcatA

• 0x48bd54 GlobalGetAtomNameA

• 0x48bd58 GlobalAddAtomA

• 0x48bd5c GlobalFindAtomA

• 0x48bd60 lstrcpyA

• 0x48bd64 GetModuleHandleA

• 0x48bd68 GetUserDefaultLCID

Library USER32.dll:

• 0x48be28 CharUpperA

• 0x48be2c SetRectEmpty

• 0x48be30 LoadAcceleratorsA

• 0x48be34 TranslateAcceleratorA

• 0x48be38 LoadMenuA

• 0x48be3c SetMenu

• 0x48be40 ReuseDDElParam

• 0x48be44 UnpackDDElParam

• 0x48be48 InvalidateRect

• 0x48be4c BringWindowToTop

• 0x48be50 RegisterClipboardFormatA

• 0x48be54 RemoveMenu

• 0x48be58 PostThreadMessageA

• 0x48be5c DestroyIcon

• 0x48be60 InsertMenuA

• 0x48be64 PtInRect

• 0x48be68 GetClassNameA

• 0x48be6c WindowFromPoint

• 0x48be70 GetWindowThreadProcessId

• 0x48be74 GetDesktopWindow

• 0x48be78 WaitMessage

• 0x48be7c ReleaseCapture

• 0x48be80 SetCapture

• 0x48be84 LoadCursorA

• 0x48be88 DestroyMenu

• 0x48be8c GrayStringA

• 0x48be90 DrawTextA

• 0x48be94 TabbedTextOutA

• 0x48be98 EndPaint

• 0x48be9c BeginPaint

• 0x48bea0 GetWindowDC

• 0x48bea4 ClientToScreen

• 0x48bea8 wvsprintfA

• 0x48beac OemToCharA

• 0x48beb0 CharToOemA

• 0x48beb4 MoveWindow

• 0x48beb8 SetWindowTextA

• 0x48bebc IsDialogMessageA

• 0x48bec0 ScrollWindowEx

• 0x48bec4 IsDlgButtonChecked

• 0x48bec8 SetDlgItemTextA

• 0x48becc SetDlgItemInt

• 0x48bed0 GetDlgItemTextA

• 0x48bed4 GetDlgItemInt

• 0x48bed8 CheckRadioButton

• 0x48bedc CheckDlgButton

• 0x48bee0 UpdateWindow

• 0x48bee4 SendDlgItemMessageA

• 0x48bee8 MapWindowPoints

• 0x48beec GetSysColor

• 0x48bef0 SetFocus

• 0x48bef4 AdjustWindowRectEx

• 0x48bef8 ScreenToClient

• 0x48befc EqualRect

• 0x48bf00 DeferWindowPos

• 0x48bf04 BeginDeferWindowPos

• 0x48bf08 EndDeferWindowPos

• 0x48bf0c InflateRect

• 0x48bf10 GetScrollInfo

• 0x48bf14 SetScrollInfo

• 0x48bf18 ShowScrollBar

• 0x48bf1c GetScrollRange

• 0x48bf20 SetScrollRange

• 0x48bf24 GetScrollPos

• 0x48bf28 SetScrollPos

• 0x48bf2c GetTopWindow

• 0x48bf30 IsChild

• 0x48bf34 GetCapture

• 0x48bf38 WinHelpA

• 0x48bf3c GetClassInfoA

• 0x48bf40 GetMenu

• 0x48bf44 GetMenuItemCount

• 0x48bf48 GetSubMenu

• 0x48bf4c GetMenuItemID

• 0x48bf50 TrackPopupMenu

• 0x48bf54 SetWindowPlacement

• 0x48bf58 GetWindowTextLengthA

• 0x48bf5c GetWindowTextA

• 0x48bf60 GetDlgCtrlID

• 0x48bf64 GetDialogBaseUnits

• 0x48bf68 CreateWindowExA

• 0x48bf6c GetClassLongA

• 0x48bf70 SetPropA

• 0x48bf74 UnhookWindowsHookEx

• 0x48bf78 GetPropA

• 0x48bf7c CallWindowProcA

• 0x48bf80 RemovePropA

• 0x48bf84 GetMessageTime

• 0x48bf88 GetMessagePos

• 0x48bf8c GetForegroundWindow

• 0x48bf90 SetForegroundWindow

• 0x48bf94 SetWindowLongA

• 0x48bf98 RegisterWindowMessageA

• 0x48bf9c OffsetRect

• 0x48bfa0 IntersectRect

• 0x48bfa4 UnregisterClassA

• 0x48bfa8 HideCaret

• 0x48bfac ShowCaret

• 0x48bfb0 ExcludeUpdateRgn

• 0x48bfb4 DrawFocusRect

• 0x48bfb8 DefDlgProcA

• 0x48bfbc IsWindowUnicode

• 0x48bfc0 SystemParametersInfoA

• 0x48bfc4 GetWindowPlacement

• 0x48bfc8 GetWindowRect

• 0x48bfcc CopyRect

• 0x48bfd0 GetDC

• 0x48bfd4 ReleaseDC

• 0x48bfd8 MapDialogRect

• 0x48bfdc SetWindowPos

• 0x48bfe0 GetWindow

• 0x48bfe4 SetWindowContextHelpId

• 0x48bfe8 EndDialog

• 0x48bfec SetActiveWindow

• 0x48bff0 IsWindow

• 0x48bff4 CreateDialogIndirectParamA

• 0x48bff8 MessageBeep

• 0x48bffc GetNextDlgGroupItem

• 0x48c000 SetRect

• 0x48c004 CopyAcceleratorTableA

• 0x48c008 ScrollWindow

• 0x48c00c CharNextA

• 0x48c010 DestroyWindow

• 0x48c014 GetDlgItem

• 0x48c018 GetMenuCheckMarkDimensions

• 0x48c01c LoadBitmapA

• 0x48c020 GetMenuState

• 0x48c024 ModifyMenuA

• 0x48c028 SetMenuItemBitmaps

• 0x48c02c CheckMenuItem

• 0x48c030 EnableMenuItem

• 0x48c034 GetFocus

• 0x48c038 GetNextDlgTabItem

• 0x48c03c GetMessageA

• 0x48c040 TranslateMessage

• 0x48c044 DispatchMessageA

• 0x48c048 GetActiveWindow

• 0x48c04c GetKeyState

• 0x48c050 CallNextHookEx

• 0x48c054 ValidateRect

• 0x48c058 IsWindowVisible

• 0x48c05c PeekMessageA

• 0x48c060 GetCursorPos

• 0x48c064 SetWindowsHookExA

• 0x48c068 GetParent

• 0x48c06c GetLastActivePopup

• 0x48c070 IsWindowEnabled

• 0x48c074 GetWindowLongA

• 0x48c078 MessageBoxA

• 0x48c07c SetCursor

• 0x48c080 ShowOwnedPopups

• 0x48c084 PostMessageA

• 0x48c088 wsprintfA

• 0x48c08c LoadIconA

• 0x48c090 EnableWindow

• 0x48c094 GetClientRect

• 0x48c098 IsIconic

• 0x48c09c GetSystemMenu

• 0x48c0a0 SendMessageA

• 0x48c0a4 AppendMenuA

• 0x48c0a8 DrawIcon

• 0x48c0ac GetSystemMetrics

• 0x48c0b0 PostQuitMessage

• 0x48c0b4 ShowWindow

• 0x48c0b8 LoadStringW

• 0x48c0bc LoadStringA

• 0x48c0c0 GetSysColorBrush

• 0x48c0c4 GetMenuStringA

• 0x48c0c8 DefWindowProcA

• 0x48c0cc DeleteMenu

• 0x48c0d0 RegisterClassA

Library GDI32.dll:

• 0x48b9bc SetViewportOrgEx

• 0x48b9c0 OffsetViewportOrgEx

• 0x48b9c4 SetViewportExtEx

• 0x48b9c8 ScaleViewportExtEx

• 0x48b9cc SetWindowOrgEx

• 0x48b9d0 OffsetWindowOrgEx

• 0x48b9d4 SetWindowExtEx

• 0x48b9d8 ScaleWindowExtEx

• 0x48b9dc SelectClipRgn

• 0x48b9e0 ExcludeClipRect

• 0x48b9e4 IntersectClipRect

• 0x48b9e8 OffsetClipRgn

• 0x48b9ec MoveToEx

• 0x48b9f0 LineTo

• 0x48b9f4 SetTextAlign

• 0x48b9f8 SetTextJustification

• 0x48b9fc SetTextCharacterExtra

• 0x48ba00 SetMapperFlags

• 0x48ba04 GetCurrentPositionEx

• 0x48ba08 ArcTo

• 0x48ba0c SetArcDirection

• 0x48ba10 PolyDraw

• 0x48ba14 PolylineTo

• 0x48ba18 SetColorAdjustment

• 0x48ba1c PolyBezierTo

• 0x48ba20 DeleteObject

• 0x48ba24 GetClipRgn

• 0x48ba28 CreateRectRgn

• 0x48ba2c SelectClipPath

• 0x48ba30 ExtSelectClipRgn

• 0x48ba34 SetMapMode

• 0x48ba38 GetObjectType

• 0x48ba3c EnumMetaFile

• 0x48ba40 PlayMetaFile

• 0x48ba44 GetDeviceCaps

• 0x48ba48 GetViewportExtEx

• 0x48ba4c GetWindowExtEx

• 0x48ba50 CreatePen

• 0x48ba54 ExtCreatePen

• 0x48ba58 CreateSolidBrush

• 0x48ba5c CreateHatchBrush

• 0x48ba60 CreatePatternBrush

• 0x48ba64 CreateDIBPatternBrushPt

• 0x48ba68 PtVisible

• 0x48ba6c RectVisible

• 0x48ba70 TextOutA

• 0x48ba74 ExtTextOutA

• 0x48ba78 Escape

• 0x48ba7c GetTextExtentPoint32A

• 0x48ba80 GetTextMetricsA

• 0x48ba84 CreateFontIndirectA

• 0x48ba88 GetTextColor

• 0x48ba8c GetBkColor

• 0x48ba90 DPtoLP

• 0x48ba94 LPtoDP

• 0x48ba98 GetMapMode

• 0x48ba9c SetRectRgn

• 0x48baa0 CombineRgn

• 0x48baa4 CopyMetaFileA

• 0x48baa8 CreateDCA

• 0x48baac SetStretchBltMode

• 0x48bab0 SetROP2

• 0x48bab4 SetPolyFillMode

• 0x48bab8 SetBkMode

• 0x48babc SelectPalette

• 0x48bac0 GetStockObject

• 0x48bac4 SelectObject

• 0x48bac8 RestoreDC

• 0x48bacc SaveDC

• 0x48bad0 StartDocA

• 0x48bad4 DeleteDC

• 0x48bad8 GetObjectA

• 0x48badc SetBkColor

• 0x48bae0 SetTextColor

• 0x48bae4 GetClipBox

• 0x48bae8 GetDCOrgEx

• 0x48baec CreateRectRgnIndirect

• 0x48baf0 PatBlt

• 0x48baf4 GetTextExtentPointA

• 0x48baf8 BitBlt

• 0x48bafc CreateCompatibleDC

• 0x48bb00 PlayMetaFileRecord

• 0x48bb04 CreateDIBitmap

• 0x48bb08 CreateBitmap

Library comdlg32.dll:

• 0x48c0f8 GetOpenFileNameA

• 0x48c0fc GetFileTitleA

• 0x48c100 GetSaveFileNameA

Library WINSPOOL.DRV:

• 0x48c0e8 OpenPrinterA

• 0x48c0ec DocumentPropertiesA

• 0x48c0f0 ClosePrinter

Library ADVAPI32.dll:

• 0x48b960 RegEnumKeyA

• 0x48b964 RegCreateKeyExA

• 0x48b968 RegOpenKeyExA

• 0x48b96c RegQueryValueExA

• 0x48b970 RegSetValueExA

• 0x48b974 RegDeleteValueA

• 0x48b978 RegDeleteKeyA

• 0x48b97c RegOpenKeyA

• 0x48b980 RegSetValueA

• 0x48b984 RegCreateKeyA

• 0x48b988 RegCloseKey

• 0x48b98c RegQueryValueA

Library SHELL32.dll:

• 0x48be10 DragQueryFileA

• 0x48be14 DragFinish

• 0x48be18 SHGetFileInfoA

• 0x48be1c DragAcceptFiles

• 0x48be20 ExtractIconA

Library COMCTL32.dll:

• 0x48b994

• 0x48b998

• 0x48b99c ImageList_Destroy

• 0x48b9a0 ImageList_Create

• 0x48b9a4 ImageList_LoadImageA

• 0x48b9a8 ImageList_Merge

• 0x48b9ac ImageList_Read

• 0x48b9b0 ImageList_Write

• 0x48b9b4

Library oledlg.dll:

• 0x48c18c

Library ole32.dll:

• 0x48c108 ReadFmtUserTypeStg

• 0x48c10c OleRegGetUserType

• 0x48c110 WriteClassStg

• 0x48c114 WriteFmtUserTypeStg

• 0x48c118 SetConvertStg

• 0x48c11c CreateBindCtx

• 0x48c120 OleDuplicateData

• 0x48c124 CoFreeUnusedLibraries

• 0x48c128 OleUninitialize

• 0x48c12c OleInitialize

• 0x48c130 OleFlushClipboard

• 0x48c134 ReadClassStg

• 0x48c138 CoCreateInstance

• 0x48c13c CoTaskMemAlloc

• 0x48c140 CoTaskMemFree

• 0x48c144 CreateILockBytesOnHGlobal

• 0x48c148 StgCreateDocfileOnILockBytes

• 0x48c14c StgOpenStorageOnILockBytes

• 0x48c150 CoGetClassObject

• 0x48c154 CLSIDFromString

• 0x48c158 CLSIDFromProgID

• 0x48c15c OleIsCurrentClipboard

• 0x48c160 CreateStreamOnHGlobal

• 0x48c164 StringFromCLSID

• 0x48c168 CoTreatAsClass

• 0x48c16c ReleaseStgMedium

• 0x48c170 CoRegisterMessageFilter

• 0x48c174 CoRegisterClassObject

• 0x48c178 CoRevokeClassObject

• 0x48c17c OleRun

• 0x48c180 OleSetClipboard

• 0x48c184 CoDisconnectObject

Library OLEPRO32.DLL:

• 0x48be00

Library OLEAUT32.dll:

• 0x48bd70 LoadTypeLib

• 0x48bd74 SysStringLen

• 0x48bd78 SafeArrayDestroyDescriptor

• 0x48bd7c SafeArrayDestroyData

• 0x48bd80 SafeArrayDestroy

• 0x48bd84 SafeArrayUnlock

• 0x48bd88 SafeArrayLock

• 0x48bd8c SafeArrayPutElement

• 0x48bd90 SafeArrayPtrOfIndex

• 0x48bd94 SafeArrayGetElement

• 0x48bd98 SafeArrayAllocDescriptor

• 0x48bd9c SafeArrayAllocData

• 0x48bda0 SafeArrayCopy

• 0x48bda4 VarBstrFromDate

• 0x48bda8 VarDateFromStr

• 0x48bdac VarBstrFromCy

• 0x48bdb0 VarCyFromStr

• 0x48bdb4 SysStringByteLen

• 0x48bdb8 SysAllocStringByteLen

• 0x48bdbc SafeArrayRedim

• 0x48bdc0 SafeArrayCreate

• 0x48bdc4 SafeArrayGetDim

• 0x48bdc8 SafeArrayGetElemsize

• 0x48bdcc SafeArrayGetLBound

• 0x48bdd0 SafeArrayGetUBound

• 0x48bdd4 SafeArrayAccessData

• 0x48bdd8 SafeArrayUnaccessData

• 0x48bddc SysAllocString

• 0x48bde0 SysReAllocStringLen

• 0x48bde4 VariantChangeType

• 0x48bde8 VariantCopy

• 0x48bdec VariantTimeToSystemTime

• 0x48bdf0 VariantClear

• 0x48bdf4 SysFreeString

• 0x48bdf8 SysAllocStringLen

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702
192.168.56.101	55369	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.